Lucene search
K

42149 matches found

Circl
Circl
added yesterday4 views

CVE-2026-15028

creationtimestamp| type| source ---|---|--- 2026-07-10 12:03:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqc453ekyq2x 2026-07-10 12:36:29+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqc5ypgytn26 2026-07-10 13:20:44+00:00| seen|...

3.9CVSS6.1AI score0.00286EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday65 views

OpenCATS - Open Redirect

OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations. id: CVE-2023-27292 info: name:...

5.4CVSS6.1AI score0.01027EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday69 views

Rudloff alltube prior to 3.0.1 - Open Redirect

An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1. id: CVE-2022-0692 info: name: Rudloff alltube prior to 3.0.1 - Open Redirect...

6.1CVSS6.1AI score0.03378EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday72 views

WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting

WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard. id: CVE-2022-2599 info: name: WordPress Anti-Malware Security an...

6.1CVSS6.3AI score0.0102EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday23 views

Orange Forum 1.4.0 - Open Redirect

Orange Forum 1.4.0 contains an open redirect vulnerability in views/auth.go via the next parameter to /login or /signup. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-14474 info: nam...

6.1CVSS6.3AI score0.02257EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday183 views

Apache HTTP server v2.4.0 to v2.4.39 - Open Redirect

In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with modrewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. id: CVE-2019-10098 info: name: Apache HTTP server v2.4.0 to v2.4.39 - Open...

6.1CVSS6.6AI score0.73981EPSS
Exploits1References6
Nuclei
Nuclei
added yesterday49 views

GetSimple CMS 3.3.13 - Open Redirect

GetSimple CMS 3.3.13 contains an open redirect vulnerability via the admin/index.php redirect parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-9915 info: name: GetSimple CMS...

6.1CVSS6.3AI score0.03626EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday45 views

DotCMS < 5.0.2 - Open Redirect

dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forwardjs.jsp FORWARDURL parameter or the html/portlet/ext/common/pagepreviewpopup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify...

6.1CVSS6.3AI score0.03717EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday116 views

Cisco Small Business 200,300 and 500 Series Switches - Open Redirect

Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-1943 info: name: Cisco Small...

6.1CVSS6.2AI score0.1051EPSS
Exploits3References4
Nuclei
Nuclei
added yesterday26 views

OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect

OpenText Documentum Administrator 7.2.0180.0055 is susceptible to multiple open redirect vulnerabilities. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2017-14524 info: name: OpenText...

6.1CVSS6.3AI score0.0294EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday72 views

WordPress AcyMailing <7.5.0 - Open Redirect

WordPress AcyMailing plugin before 7.5.0 contains an open redirect vulnerability due to improper sanitization of the redirect parameter. An attacker turning the request from POST to GET can craft a link containing a potentially malicious landing page and send it to the user. id: CVE-2021-24288...

6.1CVSS6.5AI score0.01939EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday67 views

Telaen => v1.3.1 - Open Redirect

Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL. id: CVE-2013-2621 info: name: Telaen = v1.3.1 - Open Redirect author: ctflearner severity: medium description: | Open Redirection...

6.1CVSS6.6AI score0.10692EPSS
Exploits4References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday5 views

Malicious code in nodemon-patch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 15ac606888cb1a54710bafa78dc76d760bef1088bb5e2cc0f0323614341345e5 The package is named nodemon-patch but its package.json metadata homepage https://nodemon.io, author Remy Sharp / github.com/remy, repository, fundin...

6.2AI score
Exploits0References3
Circl
Circl
added yesterday4 views

CVE-2026-15311

creationtimestamp| type| source ---|---|--- 2026-07-10 00:57:22+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqawwlemrj2q 2026-07-10 19:55:28+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcwjoofi22a...

5.1CVSS6.1AI score0.00203EPSS
Exploits0References2
Circl
Circl
added yesterday4 views

CVE-2026-15317

creationtimestamp| type| source ---|---|--- 2026-07-10 00:55:49+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqawtt3ljg2o...

7.5CVSS5.9AI score0.00247EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in n8n-nodes-mcputils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa6d921f2167545e1c8e1a4dfa9981a2b9ce2878b1406608d4673aadd00a761b The package poses as an n8n community node for MCP utility helpers but performs unrelated binary-dropper actions. The postinstall lifecycle script ru...

5.9AI score
Exploits0References2
The Hacker News
The Hacker News
added 2 days ago7 views

Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges

Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 CVSS score: 7.8, is a privilege escalation issue in the Microsoft Malware Protection Engine "mpengine.dll...

7.8CVSS7AI score0.03391EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in clavuepro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 97a9e3cf794eb2bc8d9ebb4bab007a52bf9fc1ed9dbc3db19695542503ec253e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
NVD
NVD
added 3 days ago8 views

CVE-2026-35210

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS0.00269EPSS
Exploits0References4
CVE
CVE
added 3 days ago11 views

CVE-2026-35210

Summary: OpenCTI prior to version 7.260326.0 contains an authorization bypass via the synchronized-upsert: true HTTP header, exploitable by any authenticated user with KNOWLEDGE_KNUPDATE permission. This allows bypassing Confidence Level validation and Object Marking restrictions, enabling attack...

7.1CVSS5.9AI score0.00269EPSS
Exploits0References4
Rows per page
Query Builder